A method and data processing system assesses the security vulnerability of a network by creating a system object model database representing a network. The system object model database supports the information data requirements of disparate network vulnerability analysis programs. The system object model database is exported to the disparate network vulnerability analysis programs. The network is analyzed with each network vulnerability analysis program to produce data results from each program. Data results are correlated to determine the security posture of the network.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for assessing the security posture of a network comprising the steps of: creating a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability analysis programs; exporting the system object model database of the network to the separate, non-integrated network vulnerability/risk analysis programs, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; analyzing the network with each network vulnerability analysis program to produce data results from each program; and correlating the data results of the network vulnerability analysis programs to determine the security posture of the network.
2. A method according to claim 1, and further comprising the step of importing the system object model database to the network vulnerability analysis programs via an integrated application programming interface.
3. A method according to claim 1, and further comprising the step of modeling the network as a map on a graphical user interface.
4. A method according to claim 1, and further comprising the step of establishing a class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
5. A method according to claim 1, and further comprising the step of correlating the data results of the network vulnerability analysis programs using fuzzy logic processing.
6. A method according to claim 1, and further comprising the step of running the network vulnerability assessment/risk analysis programs to obtain data results pertaining to network system details, network topologies, node level vulnerabilities and network level vulnerabilities.
7. A method for assessing the security posture of a network comprising the steps of: creating a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability/risk analysis programs, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; importing the system object model database of the network to the network vulnerability analysis programs through filters associated with each respective network vulnerability analysis program to export only the data required by a respective network vulnerability analysis program; analyzing the network with each network vulnerability analysis program to produce data results from each program; and correlating the data results of the network vulnerability analysis programs to determine the security posture of the network.
8. A method according to claim 7, and further comprising the step of exporting the system object model database to the network vulnerability assessment/risk analysis programs via an integrated application programming interface.
9. A method according to claim 7, and further comprising the step of modeling the network as a map on a graphical user interface.
10. A method according to claim 7, and further comprising the step of establishing a class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
11. A method according to claim 7, and further comprising the step of correlating the data results of the network vulnerability analysis programs using fuzzy logic processing.
12. A method according to claim 7, and further comprising the step of running the network vulnerability analysis programs to obtain data results pertaining to network system details, network topologies, node level vulnerabilities and network level vulnerabilities.
13. A computer program that resides on a medium that can be read by a program, wherein the computer program comprises instructions to cause a computer to create a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated disparate network vulnerability analysis programs that analyze discrete network portions, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; export the system object model database of the network to the network vulnerability analysis programs; analyze the network with each network vulnerability/risk analysis program to produce data results from each program; and correlate the data results of the network vulnerability analysis programs to determine the security posture of the network.
14. A computer program according to claim 13, and further comprising instructions for displaying an integrated application programming interface, and exporting the system object model database to the network vulnerability analysis programs via the integrated application programming interface.
15. A computer program according to claim 13, and further comprising instructions for modeling the network as a map on a graphical user interface.
16. A computer program according to claim 13, and further comprising instructions for establishing a class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
17. A computer program according to claim 13, and further comprising instructions for correlating the data results of the network vulnerability analysis programs using fuzzy logic processing.
18. A computer program according to claim 13, and further comprising instructions for running the network vulnerability analysis programs to obtain data results that pertain to network system details, network topologies, node level vulnerabilities and network level vulnerabilities.
19. A computer program that resides on a medium that can be read by a program, wherein the computer program comprises instructions to cause a computer to create a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability analysis programs that analyze discrete network portions, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; import the system object model database of the network to the network vulnerability analysis programs through filters associated with each respective network vulnerability analysis program so as to export only the data required by the respective network vulnerability analysis program; analyze the network with each network vulnerability analysis program to produce data results from each program; and correlate the data results of the network vulnerability analysis programs to determine the security posture of the network.
20. A computer program according to claim 19, and further comprising instructions for displaying an integrated application programming interface, and exporting the system object model database to the network vulnerability analysis programs via the integrated application programming interface.
21. A computer program according to claim 19, and further comprising instructions for modeling the network as a map on a graphical user interface.
22. A computer program according to claim 19, and further comprising instructions for establishing a class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
23. A computer program according to claim 19, and further comprising instructions for correlating the data results of the disparate network vulnerability analysis programs using fuzzy logic processing.
24. A computer program according to claim 19, and further comprising instructions for running the network vulnerability analysis programs to obtain data results that pertain to network system details, network topologies, node level vulnerabilities and network level vulnerabilities.
25. A data processing system for assessing the security vulnerability of a network comprising: a plurality of separate, non-integrated network vulnerability/risk analysis programs used for analyzing a network; a system object model database that represents the network to be analyzed, wherein the system object model database supports the information data requirements of the network vulnerability/risk analysis programs, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; an applications programming interface for exporting the system object model database of the network to the network vulnerability/risk analysis programs; and a processor for correlating the data results obtained from each network vulnerability analysis program after analyzing the network to determine the security posture of the network.
26. A data processing system according to claim 25, wherein the applications programming interface for importing the system object model database comprises a graphical user interface.
27. A data processing system according to claim 25, and further comprising a graphical user interface that models the network as a map.
28. A data processing system according to claim 25, and further comprising a graphical user interface for displaying the security posture of the network.
29. A data processing system according to claim 25, wherein said database further comprises an object oriented class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
30. A data processing system according to claim 25, wherein said processor comprises a fuzzy logic processor.
31. A data processing system for assessing the security vulnerability of a network comprising: a plurality of separate, non-integrated network vulnerability/risk analysis programs used for analyzing a network; a system object model database that represents the network to be analyzed, wherein the system object model database supports the information data requirements of each network vulnerability analysis program, wherein each analysis program is operative to run as a separate program and produce an initial data source separate from any data sources produced by respective other programs also running to produce a plurality of initial data sources for creating the system object model database; an applications programming interface for exporting the system object model database of the network to the separate, non-integrated network vulnerability analysis programs; a filter associated with the applications programming interface and each respective network vulnerability analysis program for filtering the system object model database and exporting only the required data requirements to each network vulnerability analysis program; and a processor for correlating the data results obtained from each network vulnerability analysis program after analyzing the network to determine the security posture of the network.
32. A data processing system according to claim 31, wherein the applications programming interface for importing the system object model database comprises a graphical user interface.
33. A data processing system according to claim 31, and further comprising a graphical user interface that models the network as a map.
34. A data processing system according to claim 31, and further comprising a graphical user interface for displaying the vulnerability posture of the network.
35. A data processing system according to claim 31, wherein said database further comprises an object oriented class hierarchy to define components of the network vulnerability analysis programs that share common data and programming traits.
36. A data processing system according to claim 31, wherein said processor comprises a fuzzy logic processor.
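The claims above describe an architecture rather than a specific implementation: one shared system object model of the network, per-program filters that export only the fields each analysis program needs (claims 7, 19 and 31), separate analysis programs that each produce their own data source, and a correlation step, optionally fuzzy logic (claims 5, 11, 17, 23, 30 and 36), that turns those separate results into a security posture. The following Python is an added illustration of that pipeline; it is not code from the patent or its assignee. The network model, the two analysis programs, the list of legacy services and the fuzzy membership and rule definitions are all constructed for the example.

```python
"""Toy realisation of the claimed pipeline: shared object model -> filtered
exports -> independent analysis programs -> fuzzy correlation.  Added example;
every value below is constructed for illustration."""

# Constructed system object model: node attributes plus topology links.
SYSTEM_OBJECT_MODEL = {
    "nodes": {
        "web01": {"os": "linux", "services": ["http", "ssh"], "zone": "dmz", "patch_age_days": 120},
        "db01": {"os": "linux", "services": ["postgres"], "zone": "internal", "patch_age_days": 10},
        "ws07": {"os": "windows", "services": ["smb", "rdp"], "zone": "internal", "patch_age_days": 400},
    },
    "links": [("internet", "web01"), ("web01", "db01"), ("db01", "ws07")],
}

# Per-program filters (claims 7/19/31): each program declares what it needs and
# the export hands it nothing else, so a node-level scanner never sees topology.
FILTERS = {
    "node_scanner": {"node_fields": ["services", "patch_age_days"], "links": False},
    "topology_analyzer": {"node_fields": ["zone"], "links": True},
}


def export_view(model, program):
    """Export only the data the named analysis program requires."""
    spec = FILTERS[program]
    view = {"nodes": {name: {k: attrs[k] for k in spec["node_fields"] if k in attrs}
                      for name, attrs in model["nodes"].items()}}
    if spec["links"]:
        view["links"] = list(model["links"])
    return view


# Two hypothetical, non-integrated analysis programs.  Each consumes its own
# filtered view and emits its own result format (a separate initial data source).
LEGACY_SERVICES = {"smb", "rdp", "telnet"}  # constructed list for the example


def node_scanner(view):
    """Node-level vulnerability score in [0, 1]: legacy services plus patch age."""
    out = {}
    for name, attrs in view["nodes"].items():
        score = 0.3 * len(set(attrs.get("services", [])) & LEGACY_SERVICES)
        score += 0.5 * min(attrs.get("patch_age_days", 0) / 365.0, 1.0)
        out[name] = min(score, 1.0)
    return out


def topology_analyzer(view):
    """Network-level exposure: breadth-first hop count from 'internet' to each node."""
    adj = {}
    for a, b in view["links"]:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    hops, frontier = {"internet": 0}, ["internet"]
    while frontier:
        cur = frontier.pop(0)
        for nxt in adj.get(cur, []):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                frontier.append(nxt)
    return {n: hops.get(n) for n in view["nodes"]}  # None = unreachable


# Fuzzy correlation: map each program's output to a membership grade in [0, 1]
# and combine with min (fuzzy AND) and max (fuzzy OR) rules.
def fuzzy_exposure(hops):
    """Membership in 'exposed': 1 hop from the internet -> 1.0, 4+ hops -> 0.0."""
    if hops is None:
        return 0.0
    return max(0.0, 1.0 - (hops - 1) / 3.0)


def correlate(node_scores, hop_counts):
    """Combine node-level and network-level results into a per-node posture."""
    posture = {}
    for name, vuln in node_scores.items():
        exposure = fuzzy_exposure(hop_counts.get(name))
        posture[name] = {
            "critical": round(min(vuln, exposure), 2),  # vulnerable AND exposed
            "elevated": round(max(vuln, exposure), 2),  # vulnerable OR exposed
        }
    return posture


def assess(model):
    """Run the whole claimed pipeline over a system object model."""
    node_scores = node_scanner(export_view(model, "node_scanner"))
    hop_counts = topology_analyzer(export_view(model, "topology_analyzer"))
    return correlate(node_scores, hop_counts)


if __name__ == "__main__":
    for node, result in assess(SYSTEM_OBJECT_MODEL).items():
        print(node, result)
```

The point the example makes is the one the filter claims are about: the node scanner is handed no zone or link data and the topology analyzer no service list, yet the correlation step still places `ws07` (legacy services, old patches, three hops in) and `web01` (clean but directly exposed) into different posture categories, which neither program could have produced on its own.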
February 8, 2000
August 22, 2006